It is the purpose of Internal Audit to support the Executive and Audit Committee of the Southern Oregon University Board of Trustees and the University President by providing independent, objective assurance and consulting services designed to add value, support accountability and improve University operations.
It is the mission of Internal Audit to assist University leadership in accomplishing its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of Southern Oregon University’s risk management, internal control and governance processes. Audits will be conducted with objectivity, transparency, fairness and in accordance with the highest professional and ethical standards.
It is required by professional standards that Internal Audit be totally independent and objective. Therefore, Internal Audit is functionally accountable to the Executive and Audit Committee of the Board of Trustees, but reports administratively directly to the President.
It is the objective of Internal Audit to determine whether the University’s network of governance, risk management and control processes, as designed and represented by management, is adequate and functioning in a manner to confirm that:
- Risks are appropriately identified and managed; specifically including management compliance with laws and regulations.
- Governance interaction occurs as needed.
- Significant financial, managerial, and operating information is accurate, reliable and timely.
- Employee’s actions are in compliance with policies, standards, procedures, professional ethics and applicable laws and regulations; specifically including privacy and security.
- Resources are acquired economically, used efficiently and adequately protected; specifically including review of management processes and internal controls and the prevention and detection of fraud.
- Accountability systems are in place to ensure organizational and program missions, goals, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the University’s control process.
- Significant legislative or regulatory issues impacting the University are recognized and properly addressed.
Opportunities for improving managements’ governance, risk management control processes, effectiveness and the University’s image may be identified during internal audits. They will be communicated to the appropriate level of management. Significant opportunities and feedback will be summarized and reported to the Executive and Audit Committee of the Board of Trustees.
It is the responsibility of Internal Audit to:
- Develop an annual internal audit plan using an appropriate risk-based methodology and including the consideration of any risks or control concerns identified by management and submit the plan along with a financial budget, human resource plan and any resource limitations or significant interim changes to the President and Executive and Audit Committee of the Board of Trustees for review and approval.
- Implement the annual internal audit plan and report results to the President and Executive and Audit Committee of the Board of Trustees.
- Periodically provide information to the President and Executive and Audit Committee of the Board of Trustees on the status and results of the annual internal audit plan, the sufficiency of Internal Audit resources relative to its Objectives and Responsibilities, and emerging trends and successful practices in internal auditing.
- Provide reports to the Board of Trustees Executive and Audit Committee and President on the implementation status of prior audit recommendations.
- Provide advisory and consulting services, beyond internal audit assurance services, to assist management in meeting their objectives, including participating in the development or modification of major information systems, significant changes in functions, services, processes, operations, control processes or strategies.
- Provide an annual assessment on the adequacy and effectiveness of the University’s processes for controlling its activities, managing its risks, governance, and the performance of management responsibilities in the areas set forth in Internal Audit’s Objectives.
- Report significant issues related to the processes for controlling the activities of the University and its applicable affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Assist in the investigation of allegations of fraud or fraudulent actions in accordance with Southern Oregon University fraud policy.
- Maintain a professional internal audit function with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
- Report the results of internal and external assessments conducted in association with the Quality Assurance and Improvement Program.
- Confirm annually the organizational independence of Internal Audit.
Board of Trustees Authorization
Internal Audit is authorized to:
- Have unrestricted access to all functions, records, information, property, and personnel of Southern Oregon University. Information will be handled in a confidential, secure and prudent manner as required by the Code of Ethics.
- Audit any function, program, account or system deemed necessary and appropriate in its sole judgement, notwithstanding a pre-approved internal audit plan.
- Have full and free access to the Executive and Audit Committee of the Board of Trustees in whole or in part in conjunction with open meeting laws.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish internal audit objectives in accordance with professional standards.
- Obtain the necessary assistance of personnel, as well as other specialized services from within or outside the organization.
- Finalize internal audit reports and provide such reports to relevant parties.
- Perform, direct or manage any operational duties for the University external to Internal Audit. Accordingly, Internal Audit will not design, implement, or approve internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair, or give the perception of impairing, Internal Audit’s judgment, independence or objectivity.
- Direct the activities of any University employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to an internal audit team or to otherwise assist the internal auditor(s). Accordingly, although constantly seeking the input and opinions of others, Internal Audit takes direction solely from the Executive and Audit Committee.
- Initiate or approve accounting transactions external to Internal Audit.
- Perform internal audits of any area or activity where they have worked or for which they have been principally responsible for at least two years after they leave the position.